https://bz.apache.org/bugzilla/show_bug.cgi?id=64607
Bug ID: 64607
Summary: RewriteRule: Incorrect description for the NoEscape
flag
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: bram-ncn...@mail.wizbit.be
Target Milestone: ---
Documentation for the NoEscape RewriteRule flag:
https://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_ne
> By default, special characters, such as & and ?, for example, will be
> converted to their hexcode equivalent. Using the [NE] flag prevents that from
> happening.
Testing this however shows that this does *not* happen for the '&' character.
Digging into the code: as far as I can tell it either ends up in:
* modules/proxy/proy_util.c: ap_proxy_canonenc or
* server/util.c: ap_os_escape_path (which uses a list generated by
server/gen_test_char.c)
Both of these treat the '&' as an allowed character in a path.
For reference: list of characters that are treated as allowed (and are thus
never converted to their hexcode equivalent):
* alphanumeric characters
* characters: "$-_.+!*'(),:;@&=/~"
As a minimum I would drop the reference to '&' in the description since it's
incorrect.
I suppose it could be replaced with another character (such as '{') or as an
alternative list the characters that are allowed.
I.e. something like:
> By default, special characters(*) will be converted to their hexcode
> equivalent. Using the [NE] flag prevents that from happening.
> (*): special characters: characters that are *not*:
> - alphanumeric characters,
> - '$',
> - '-',
> - '_',
> - ...
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org
For additional commands, e-mail: docs-h...@httpd.apache.org
